New Books

802.1X Authentication Has Never Been So Easy
Stronger authentication is possible with 802.1X, although several challenges currently exist for IEEE 802.1X NAC and authentication. For the most part, the challenges relate to the need for costly hardware, the complexity of integration, and other issues such as authorization and device compliance. 802.1X confers multiple benefits, including enhancements in security that is not dependent on PSKs (pre-shared keys), easy installation and setup of access permissions, and fully integrated management functionality. Given these pros and cons, 802.1X network access control is a must-have when formulating solutions based on this authentication system. But how can this be achieved easily while not compromising security?

Mitigating Mobile Crimeware
With fraudsters increasingly turning their attention to the mobile channel, and the use of mobile increasing exponentially for many types of transactions, organizations have to implement technologies to detect crimeware to protect their consumers and their own reputation.

The Top Game Changing Data Trends for 2018
Infogix today identified pivotal data trends that will impact businesses in 2018 and beyond. These include the convergence of data management technologies, growth of metadata management, and the increased focus on AI.

2018 Security Predictions: It's Still the Wild, Wild West
The last US presidential election revealed the dangers and the difficulties of prognostication. But that doesn't deter those determined to look ahead at what we may face in 2018. We reached out to several security mavens to learn what worries them about the coming year. It's interesting how broad their concerns are, and how little they overlap. Yes, 2018 will be an interesting year.

The Evolution of Cybersecurity and the Rise of Threat Hunting
There's one thing for certain: hackers will continue to evolve their techniques, and organizations must acknowledge that. It has become imperative for organizations to embrace the Zero Trust Model. This article explains why threat hunting can't be a one-time exercise. Instead, organizations must continuously verify endpoints to determine if they've been compromised, so quick action can be taken to limit damage and restore network integrity if a threat is detected.

Introduction to Big Data and Agile Business
The strategic approach to Big Data is aimed at extracting business value from the dynamically changing data. The chapter from Big Data Strategies for Agile Business introduces a framework that can convert the "potential" hidden in Big Data into "kinetic" value. It also discusses reducing the risks to businesses associated with adopting any new and disruptive technology, like Big Data.

Call for Chapter Proposals: Computer and Cyber Security: Principles, Algorithm, Applications and Perspectives
The main objective of the book is to provide relevant theoretical frameworks and the latest empirical research findings in the area. It will be written for professionals who want to improve their understanding of the principles, challenges and applications of computer and cyber security. The book will help to identify the interesting and exciting areas of future research to apply these techniques. In addition, it will be an excellent book to teach a course on computer and cyber security. The material will prepare the students for exercising better protection in terms of understanding the motivation of the attackers and how to deal with and mitigate the situation in a better manner. The chapter proposals will be selected in the following categories to make a balance of theory, future research directions, and practical use cases; i.e., original research articles, case studies, and review articles in the aforementioned domain.

Mirai Goes Open Source and Morphs into Persirai
The Mirai malware has become notorious for recruiting IoT devices to form botnets that have launched some of the largest distributed denial of service (DDoS) attacks we have recorded. Mirai came onto the scene in late 2016 as the malware behind very large DDoS attacks, including a 650 Mbps attack on the Krebs on Security site. It is also purported to have been the basis of the attack in October 2016 that brought down many sites including Twitter, Netflix, and Airbnb. Since then, Mirai has morphed into an even more aggressive and effective botnet tool.

How Long Can Resources in Short Supply Last?
Smart Energy: From Fire Making to the Post-Carbon World first traces the history of mankind's discovery and use of energy. It then reviews contemporary issues such as global warming, environmental deterioration, depletion of carbon energy sources, and energy disputes. Next, it evaluates technical innovations, system change, and international cooperation. Then, it tackles how civilization will continue to evolve in light of meeting future energy needs, how Smart Energy will meet these needs, and defines the global mission. The book closes with a summary of China’s dream of Smart Energy. This chapter considers how long petroleum, coal, and other carbon-based resources can last.

Microsoft Technologies Basics
This chapter from Introduction to Middleware provides an overview of some Windows technologies that you'll need to understand Microsoft middleware technologies. And what's more important, it will give you some essential background you may need later on when you actually use these Microsoft middleware technologies.

Rebecca Herold's June Privacy Professor Tips
This month's Tips cover a wide range of topics, including privacy concerns on the dark web, fake emails that look totally real, security threats from your (not so smart) used car, considering if you could lose your new home to hackers, yet another public employee under fire for personal email use, yet more surveillance considerations, as well as healthcare security and privacy news. Plus, her current list of recent publications and upcoming events.

Basic Mechanisms and Principles of Mobile Cloud Computing
This chapter from Mobile Cloud Computing: Models, Implementation, and Security introduces the development of mobile cloud computing and the key techniques, describes the nature of mobile cloud computing, identifies advantages and disadvantages, and describes basic considerations of deploying mobile cloud computing. It then introduces the main mobile techniques implemented in practice and the key features, defines wireless networking characteristics and ways of development, describes the main operating systems, and reviews the different generations of mobile devices. Finally, it introduces the mobile Internet and its characteristics, including Web services, wireless networks, and key techniques; describes the evolution of the mobile Internet; and details wireless access and prevailing standards.

How Special Interest Groups Use Social Media as a Weapon
There are hundreds of special interest groups involved in a wide variety of interests ranging from commerce, health, or art, to community development or religion. There are also groups that are involved in political and social causes. This excerpt from Social Media Warfare: Equal Weapons for All examines well-established special interest groups and the various types of special interest groups, as well as issues related to these groups: health care; guns, hate, and social media warfare; abortion debates and violent acts of extremists; environmentalists and eco-terrorists; lesbian, gay, bisexual and transsexual (LGBT) rights and social media warfare; and religious bias and discrimination in social media warfare.

Overview of Model-Based Testing
Model-based testing is an application of model-based design for designing and, optionally, executing artifacts to perform software testing or system testing. Testers can use models to represent the desired behavior of a System Under Test (SUT) or represent testing strategies and a test environment. This excerpt from Paul C. Jorgensen's new book, The Craft of Model-Based Testing, introduces the concepts and clarifies the vocabulary and the components of model-based testing.

Introduction to Software Self-Adaptation
Software adaptation promotes the use of adaptors; i.e., specific computational entities guaranteeing that software components will interact in the right way not only at the signature level, but also at the behavioural, semantic and service levels. This excerpt from Software Adaptation in an Open Environment: A Software Architecture Perspective is a general introduction to the research on software self-adaptation. It introduces some new computing paradigms and methodologies that have emerged in open environments. Then it explains some basic concepts of self-adaptation, and the problems of self-adaptation in an open environment.

A New Profession: The Data Protection Officer
Chapter IV, Section 4 of the new General Data Protection Regulation (GDPR) creates the new professional role of and requirement for organizations to designate a formal data protection officer for the organization. This essentially creates a new profession, described in this excerpt from The Data Protection Officer: Profession, Rules, and Role, perhaps one of a number of new professions and career paths related to data protection issues and the new data protection regime.

IoT Threats Underline the Need for Modern DDoS Defense
A chilling new report from Deloitte warns that the proliferation of IoT devices in 2017 will raise the threat of Distributed Denial of Service (DDoS) attacks. The scale and nature of the evolving DDoS threat means that companies need to modernize and implement new defense strategies if they want to avoid bad outcomes. This article discusses how, in the age of DDoS, big data power is a key ingredient to modern defense.

Selecting Platforms to Optimize IT Operations
A modernized IT operation that minimizes server and storage capacity, maximizes energy efficiency, improves the customer experience through higher service levels, enables your IT operation to scale cost-effectively, and helps your in-house IT team do more with less. Piece of cake, right? Read on for insight on how to make it happen in your organization.

Design of Virtual Machine Execution Engine
This chapter from Advanced Design and Implementation of Virtual Machines covers design of a VM execution engine. An execution engine is the component that performs the actual operations of the application code. Because the ultimate purpose of an application is to execute, an execution engine is usually considered the core component of a virtual machine (VM), and the other components support the execution engine. Sometimes, the design of the execution engine largely dictates the design of a VM. The two basic execution mechanisms are interpretation and compilation.

The Case for Managed Application and Infrastructure Performance
Any organization that relies on IT solutions, either to engage with their customers or keep their employees connected and productive, has a critical need for application and infrastructure performance monitoring. Now that 2017 is here, your organization should assess how it addresses application downtime from both a budget and operations perspective. Here are questions you should ask about your IT systems.

An Overview of End-to-End Verifiable Voting Systems
This excerpt from Real-World Electronic Voting: Design, Analysis and Deployment provides a comprehensive high-level introduction to the field of E2E voting. In this chapter, Syed Taha Ali and Judy Murray introduce security properties of voting systems; summarize the workings of some twenty of the most influential E2E voting systems, classified into four distinct categories, as per their reliance on cryptography (cryptographic and non-cryptographic systems), ballot format (physical and electronic ballots) and mode of voting (precinct-based and remote voting); and discuss open challenges to mainstream deployment of E2E voting systems.

Watch the Cloud Computing Space in 2017 and the Way It Will Improve Business
The cloud computing space is changing and improving by the day. From affordability to flexibility, there is an endless list of reasons why more and more businesses, regardless of nature and size, are moving to the cloud. So, with current development and evolution of the cloud space in mind, let's take a look at how cloud computing can improve businesses in 2017.

What Is Uncertainty in Machine Learning?
Uncertainty is a common phenomenon in machine learning, which can be found in every phase of learning, such as data preprocessing, algorithm design, and model selection. The representation, measurement, and handling of uncertainty have a significant impact on the performance of a learning system. There are four common uncertainties in machine learning. This chapter from Learning with Uncertainty introduces the first three kinds of uncertainty, briefly lists the fourth uncertainty, and gives a short discussion about the relationships among the four uncertainties.

The Internal Audit Charter
The Internal Audit Charter, also referred to as "terms of reference," spells out the purpose, authority, and responsibility of the internal audit function of any organization. The charter provides the framework for the conduct of the internal audit function in any organization. It also provides a basis for the appraisal of the operations of the internal audit function and acts as a formal written agreement with management about the role and responsibility of the internal audit within the organization. This chapter from Internal Audit Practice from A to Z discusses the purpose, scope, authority, and responsibility of an internal audit charter.

Today's Software Development Landscape and How It Will Change
Software testing is at a crucial crossroads today. It has changed dramatically over the last decade, and now is the time where the future is being defined. There is a lot of ambiguity today in the industry with developer-tester role mergers, and in some sense there is an identity crisis for testers. Software Testing 2020: Preparing for New Roles talks about all of these along with inputs from industry veterans, helping identify what the future holds and how to prepare for it. This chapter from the book describes today's software development landscape.

Situational Project Management
In this video, Ginger Levin and Oliver Lehmann discuss Situational Project Management, the subject of his new book. They cover how to identify projects by type and how to manage them accordingly; the skill set required to lead projects successfully; how to use lessons learned to avoid future failed projects; how to apply life experiences to improve your ability to manage projects successfully; and how to manage a project according to the situation and the environment in which it exists.

Risk and Trust Assessment: Schemes for Cloud Services
Both risk and trust have been extensively studied in various contexts for hundreds of years. Risk management, and specifically risk assessment for IT, has also been a hot research topic for several decades. On the other hand, modeling risk and trust for cloud computing has attracted researchers only recently. This chapter from Cloud Computing Security: Foundations and Challenges provides a survey on cloud risk assessments made by various organizations, as well as risk and trust models developed for the cloud.

Corporate Defense Framework
The delivery of sustainable stakeholder value requires a subtle balance between the focus on value creation and value preservation. In this video, Sean Lyons, author of Corporate Defense and the Value Preservation Imperative, explains what is required for effective corporate defense rather than the illusion of corporate defense. He presents an integrated corporate defense framework required in order to align an organization's critical corporate defense components. This multi-centric approach can help you develop a more holistic view of corporate defense.

Stop Squandering Time with All Talk and No Action
True or false: If a meeting ends with no actions, you didn't really need the meeting in the first place. Nancy Settle-Murphy's vote: Mostly true. Although some meetings may be held simply to cross-pollinate information or brainstorm new ideas, the goal of most meetings is to get something concrete accomplished. A resulting list of actions is often the most reliable barometer of progress. Why then do so many meetings end up with few, if any, action items? She has some suspicions. Simply put, she thinks that many of us give up too easily, offering a variety of excuses, some of which she enumerates in this article. For every excuse, she's provided at least a couple of choices.

Storage and Database Management for Big Data
The ability to collect and analyze large amounts of data is a growing problem within enterprises of all types. es faced by big data volume, velocity, and variety. While there has been great progress in the world of database technologies in the past few years, there are still many fundamental considerations that must be made. This chapter from Big Data: Storage, Sharing, and Security aims to address many of the pressing questions faced by people interested in using storage or database technologies to solve their big data problems.

Solving the Legacy Platform Problem
Legacy platforms are a major drag on the performance and cost of IT infrastructure. They must be retired to generate the ROI expected from upgrades and new hardware purchases, but frequently they hang on for years—adding power, maintenance, and support needs as well as security risks and other complications. Reasons for legacy leftovers range from dependency on busy development teams for migration projects, to a server-by-server migration approach that fails to account for complex workloads that traverse multiple servers. This article discusses the problems created by retaining workloads or data on old infrastructure as well as strategies for putting old platforms and applications out to pasture.

Claims-Based Authentication
Authentication is the process that deals with the establishment of identities. Claims-based authorization, at its simplest, checks the value of a claim and allows access to a resource based upon that value. A claim is a name-value pair that represents what the subject is, not what the subject can do. Clear as mud, right? Read this chapter from Enterprise Level Security for total clarity on claims-based authorization.

Instantly Improve Your Team Communications by Overturning 9 Dangerous Myths
Whether running a project team or managing a group, most team leaders assume that their communications skills are pretty decent. So when they send emails, post documents, ping people on IM, or lead team meetings, they imagine that people are ready, willing and able to hear what they have to say. Magical thinking? You bet. This article shares some common instances of wishful thinking, or irrationally optimistic assumptions, which often lead to frustration and disappointment for leaders and their teams. As a counterpoint, it provides tips to ground that wishful thinking more in reality, resulting in communications that actually may be nothing short of magical.

Operational Auditing
The IIA defines operational auditing as "Defining, measuring, evaluating, and improving the economy, efficiency, and performance effectiveness of the organization's operations and constituent activities irrespective of function, purpose, or level within the organizational structure." The chapter from Operational Assessment of IT explains what this means and how to apply it in the context of operational assessment of ICT.

Software Quality Assurance: Defect Management
This chapter from Software Quality Assurance: Integrating Testing, Security, and Audit deals with the conceptual aspects of defect management. There are three parts in this chapter. Part 1 discusses the basic concepts of a defect and why a defect happens. Part 2 introduces the practical methodologies of how to manage the defects. In this section, some sample documents and templates are provided to manage the defect properly. Part 3 discusses and analyzes the root causes of defects and provides recommendations of how to prevent defects in the future.

Introduction to Systematic Strategic Planning
This chapter from Case Studies in Strategic Planning discusses systematic strategic planning (SSP). This is the pattern of procedures by which an organization defines its current status, opportunities, long-term goals, and the strategies by which to achieve them. SSP is based on the principles of PxD (Planning by Design). SSP consists of a framework of phases through which each project passes, a pattern of sections for straightforward planning, and the fundamentals involved in any strategic planning project.

Dissemination and Reporting of Electronically Stored Information
This chapter from the new, second edition of Electronically Stored Information discusses the reasons and the methods for sharing the data we have so carefully acquired, preserved, and managed. There are several reasons and each may engender different approaches or procedures appropriate to the specific needs of those situations. These approaches include the format in which the data are produced, the content, the timing of release, and the actual physical media and process for delivering the electronic information. It also discusses reporting protocols and suggests some ideas to ensure that the reports you create are clear and concise. Finally, it presents tips for participating in depositions or as an expert witness.

How to Stop a Cultural Collision in Its Tracks
The only way team members will be enthusiastic about collaborating is to openly talk through the cultural differences, as well as their respective organizations' values and beliefs. This will not be an easy conversation, and it won't be a short one either, given the number of differences standing in the way. Where do you start? Here are some questions to ask team members during your next team meeting to open the conversation and acknowledge the elephant in the room. Encourage examples and stories, to help the group understand what's really behind their differences. This will pave the way for your team to create its own team charter that blends the best of both cultures.

Combat Rude Behavior with Radical Civility
The ability to thrive is the best way to ward off the negative effects of bad behavior. Two related, but distinct, paths can help get you there. Thriving cognitively occurs when we focus on improving our performance, learning new things, and finding ways to propel ourselves forward. Thriving affectively means that we are healthy of body and mind, and feel energized both inside and outside of work. These tips, taken together, can help you create a kind of personal armor that can help repel the damaging effects of rude behavior.

Today's Big Trends in Robotics: The Robolution
In their surveys, McKinsey and many other analysts are promising the massive arrival of robots in our factories, our service companies, our cities, our countrysides, and our homes. Whatever the editorial stance and target audience, all of the media are talking about robotics in just about every issue or report published. Yet the reality of the robotics transformation varies depending on the country and continent, and many innovations are having a hard time carving out a significant place for themselves on the market. Everyone keeps talking over and over about the Robolution, but where does it really stand as we speak?

To Get People Talking, Try Asking the Right Questions
It's happened to all of us: You pose a carefully-worded question, pause and wait for someone to respond. And then you hear nothing, other than an awkward, prolonged silence. In reality, if our entreaties are met by silence, it's because we simply haven't figured out how to invite people into the conversation the right way. Here are a few guidelines from Nancy Settle-Murphy to help you coax willing participation, most of the time, from even the most reticent virtual meeting participants. (These tips also work well when you're meeting face to face.)

Tackling Tough Issues Remotely, When Your Boss Is the Problem
We hear a lot about how virtual leaders can deal effectively with workplace conflicts and performance problems. But we don't hear nearly as much about how to confront tough issues from the remote worker's point of view. And that's precisely what Sue Shellenbarger, Work and Family columnist for the Wall Street Journal, wanted to know when she contacted Nancy Settle-Murphy recently for an interview. Since Sue's questions were so insightful, Nancy has paraphrased three of them here, along with a few replies.

Developments and Challenges in Location Mining
Identifying the location of social media users would enable, say, law enforcement to determine where the users are if they have committed a crime. On the other hand, we may want to protect the location of innocent users. This excerpt from Analyzing and Securing Social Networks discusses the importance of location mining and provides an overview of the related efforts on this topic. It then discusses the challenges in location mining, as well as aspects of geospatial proximity and friendship.

Rebecca Herold: The Privacy Professor Tips of the Month—In this issue, You Are on the Dark Web; Fake Emails that Look Totally Real; Security Threats from Your Used Car; Could You Lose Your New Home to Hackers?; Another Public Employee Under Fire for Personal Email Use; and The Future of Surveillance Is Scary